This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site2Site IPSec With Dual WAN Connections.

support@computer-ss.com over 13 years ago

Hi,
I'm having an issue with creating an IPSec tunnel from my DMZ to a remote site. I have no problem creating a tunnel from my LAN to the same remote site.

My Astaro 7 config is as follows:

WAN0 = ISP#1(default gateway)
WAN1 = ISP#2

LAN = Setup to Masquerade via WAN0
DMZ = Setup to Masquerade via WAN1 + Policy Route to use WAN1's ISP gateway.

If I try to ping my remote site from a host machine on the DMZ I get
"From 67.50.8.x icmp_seq=3 Destination Host Unreachable"
which is just one hop up from our ISP on WAN1. To me, it seems like my policy route is *messing with packets that should be using the IPSec transform.

Any input would be appriciated.

Thanks,
Sean

This thread was automatically locked due to age.

Parents

0 support@computer-ss.com over 13 years ago

Sorry for the delay Bob. My pol route is DMZ->Any->Any-> : via ISP's gateway.

I have higher priority routes so that the DMZ can talk to the VoIP network etc.

I can't seem to find a definition for "Internet", what is the proper way to create it? I bet your method would solve my problem with the IPSec site-to-site problem and I can get rid of a bunch of *hack routes too.

Yeah, site-to-site(Astaro - Cisco1760).

Thanks again,
Sean
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 support@computer-ss.com over 13 years ago

Sorry for the delay Bob. My pol route is DMZ->Any->Any-> : via ISP's gateway.

I have higher priority routes so that the DMZ can talk to the VoIP network etc.

I can't seem to find a definition for "Internet", what is the proper way to create it? I bet your method would solve my problem with the IPSec site-to-site problem and I can get rid of a bunch of *hack routes too.

Yeah, site-to-site(Astaro - Cisco1760).

Thanks again,
Sean
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data